A key purpose of @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors. But since it is also valuable for security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and to others at their organizations who hope to stay current with the offensive methods in use.

TOP VULNERABILITY THIS WEEK:
The bank DDoS attacks being generated by the "itsoknoproblembro"
script have continued apace over the last week, with rumors that
defense contractors and others outside the banking industry are to
be targeted soon.

Title: "itsoknoproblembro" and Recent DDoS Attacks
Description: The bank DDoS attacks being generated by the
"itsoknoproblembro" script have continued apace over the last
week, with rumors that defense contractors and others outside the
banking industry are to be targeted soon. As the attacks have worn on,
additional details have come to light about the mechanisms being used,
which are allowing potential targets to better protect themselves.
Specifically, the script in question has been observed in the wild
on compromised web servers with high-bandwidth links, and some of
the patterns being used in the DDoS attacks have come to light as well.
Reference: http://vrt-blog.snort.org/2012/10/itsoknoproblembro-vrt-has-you-covered.html
Snort SID: 24388 - 24396
ClamAV: PHP.Trojan.itsoknoproblembro*

Title: Multiple Remote Attacks in Steam Browser URIs
Description: A report was released on Monday by a pair of respected
researchers detailing multiple vulnerabilities in the Steam game URI
handler, including potential remote code execution, the ability to
write files to the victim host directly, etc. The researchers strongly
suggest disabling this URI handler until a patch has been issued by
Steam. While attacks have yet to be directly observed in the wild,
the trivial nature of certain types of exploitation all but ensures
that it will be abused soon. Network administrators should consider
Snort SID 24397, which simply blocks all Steam URIs on a given network.
Reference: http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf
Snort SID: 24397
ClamAV: N/A
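
The item above recommends blocking Steam URIs at the network layer; the same check can be run over stored or proxied HTML to find pages that reference the handler. The Python below is an added example, not part of the original newsletter or of the Snort rule; the function names and the sample markup (including the steam://placeholder/action path) are constructed for illustration.

```python
import re
from html.parser import HTMLParser

META_URL = re.compile(r"url\s*=\s*['\"]?(.*)", re.IGNORECASE | re.DOTALL)
LEADING_JUNK = "".join(map(chr, range(0x21)))  # C0 control characters and space


def is_steam_uri(value):
    """True if a browser would resolve this attribute value to the steam: scheme."""
    # Browsers drop tab/CR/LF anywhere in a URL and trim leading controls/spaces.
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip(LEADING_JUNK)
    return cleaned[:6].lower() == "steam:"


class SteamUriFinder(HTMLParser):
    """Records (line, tag, attribute, value) for each steam: URI in markup."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references such as &#115;
        for name, value in attrs:
            if not value:
                continue
            candidate = value
            if tag == "meta" and name == "content":
                # <meta http-equiv="refresh" content="0; url=..."> redirects
                m = META_URL.search(value)
                candidate = m.group(1) if m else ""
            if is_steam_uri(candidate):
                self.hits.append((self.getpos()[0], tag, name, value))


def find_steam_uris(html_text):
    finder = SteamUriFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits


# Constructed sample page; the steam:// path is a placeholder, not a real command.
SAMPLE = """<html><body>
<a href="http://example.com/">ordinary link</a>
<a href="steam://placeholder/action">plain</a>
<iframe src="  StEaM://placeholder/action"></iframe>
<img src="&#115;team://placeholder/action">
<meta http-equiv="refresh" content="0; url=steam://placeholder/action">
<a href="https://example.com/?q=steam://not-a-scheme">query string only</a>
</body></html>"""

if __name__ == "__main__":
    for hit in find_steam_uris(SAMPLE):
        print(hit)
```

Matching on the decoded, normalized attribute value rather than on the raw bytes is what catches the mixed-case, padded and entity-encoded forms, while the last sample link, where the string appears only in a query parameter, is not reported.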

This is a list of recent vulnerabilities for which exploits are available.
System administrators can use this list to help in prioritization of their
remediation activities. The Qualys Vulnerability Research Team compiles this
information based on various exploit frameworks, exploit databases, exploit
kits and monitoring of internet activity.

(c) 2012. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only.
